Thursday, March 12, 2026

What is the Windows Clipboard?


The Windows clipboard is a built‑in feature that temporarily stores anything you copy—text, images, files. The clipboard is stored in regular RAM, just like any other application data. There is no dedicated hardware region or special memory bank reserved for it. It is wrapped in OS‑level access control and session isolation.

Here’s how it works:

  1. Copy: When you select text, an image, or any other data and press Ctrl+C or right-click and select “Copy,” the operating system copies the selected data to the clipboard.
  2. Store: This copied data is stored temporarily in the clipboard’s memory, waiting to be pasted.
  3. Paste: When you want to use the copied data, you press Ctrl+V or right-click and select “Paste,” and the clipboard sends the data to the active application or document.


With my Clipboard Plaintext Power Tool you can apply transformations to items on the clipboard before pasting. Example transformations include converting case to Title Case, extracting sentences, removing duplicates, and getting GPS data from an image. It does this in one click and comes with a smart Clipboard History too. Check it out!


How Windows Protects Clipboard Data

The Windows clipboard uses normal system memory, not a special protected memory region, but Windows does protect access to it. Only processes running in the same user session can access the clipboard. A random background service running as SYSTEM cannot read your clipboard unless it explicitly impersonates your user.

Apps must use the official APIs (Using the Clipboard - Win32 apps | Microsoft Learn) to access the clipboard; see below.

Windows enforces:

  • Only one process can open the clipboard at a time.

  • A process must own the clipboard to modify it.

  • Apps cannot read the clipboard without requesting access.

Technical Details

The Windows clipboard was designed as a mechanism that Microsoft Windows operating systems use to allow data to be shared between applications. It first appeared in Windows 3.1, although its functionality has greatly increased since then. 

When you copy something, Windows doesn’t just store the raw bytes.

It stores one or more representations of the data, each tagged with a format ID.

A clipboard format tells Windows and applications:

  • what kind of data is stored

  • how to interpret it

  • how to convert it if needed

This is why you can copy text from Word and paste it as plain text, rich text, HTML, or even an image depending on the target app.

With my Clipboard Plaintext Power Tool you can apply transformations to these formats and more!


Live View Clipboard Formats

Clipboard formats commonly used (CF_TEXT, CF_UNICODETEXT, CF_HDROP, custom formats) are stored as handles to memory blocks.

For a live look at the list of all formats placed on the clipboard when you copy an item, use the tool below. You must refresh it after each copy.
InsideClipboard - View the content of all formats stored in the Clipboard (nirsoft.net)

Microsoft also provides for “private data formats”: custom, application-specific formats (for example, fonts in a word processing program) that can be registered so that other applications can transfer data in these formats. Two private data formats that are used extensively are object link embedding CF_OLE (0xC013, decimal 49171) and CF_DataObjects (0xC009, decimal 49161).

For an application to send data to the clipboard, it first allocates a block of global memory using GlobalAlloc, GlobalLock, and GlobalUnlock. It then opens the clipboard using OpenClipboard, empties it using EmptyClipboard, places the clipboard data using SetClipboardData, and then closes the clipboard using CloseClipboard (Microsoft.com). While only one piece of data can be present in the clipboard at any given time, it is possible to send and store that piece of data in multiple formats by calling SetClipboardData multiple times.

This allows applications that handle data in different ways to all have access to it (e.g., text in Microsoft Word with or without formatting). Once data is in the clipboard, the block of global memory belongs to the clipboard and other pointers to it become invalid. Getting data from the clipboard is even easier and involves opening the clipboard, determining which of the available clipboard formats to retrieve (this is an application specific task), retrieving a handle to the data, and then closing the clipboard.


Source: Standard Clipboard Formats (Winuser.h) - Win32 apps | Microsoft Learn

The clipboard formats defined by the system are called standard clipboard formats. These clipboard formats are described in the following table.

| Constant | Value | Description |
|---|---|---|
| CF_BITMAP | 2 | A handle to a bitmap (HBITMAP). |
| CF_DIB | 8 | A memory object containing a BITMAPINFO structure followed by the bitmap bits. |
| CF_DIBV5 | 17 | A memory object containing a BITMAPV5HEADER structure followed by the bitmap color space information and the bitmap bits. |
| CF_DIF | 5 | Software Arts' Data Interchange Format. |
| CF_DSPBITMAP | 0x0082 | Bitmap display format associated with a private format. The hMem parameter must be a handle to data that can be displayed in bitmap format in lieu of the privately formatted data. |
| CF_DSPENHMETAFILE | 0x008E | Enhanced metafile display format associated with a private format. The hMem parameter must be a handle to data that can be displayed in enhanced metafile format in lieu of the privately formatted data. |
| CF_DSPMETAFILEPICT | 0x0083 | Metafile-picture display format associated with a private format. The hMem parameter must be a handle to data that can be displayed in metafile-picture format in lieu of the privately formatted data. |
| CF_DSPTEXT | 0x0081 | Text display format associated with a private format. The hMem parameter must be a handle to data that can be displayed in text format in lieu of the privately formatted data. |
| CF_ENHMETAFILE | 14 | A handle to an enhanced metafile (HENHMETAFILE). |
| CF_GDIOBJFIRST | 0x0300 | Start of a range of integer values for application-defined GDI object clipboard formats. The end of the range is CF_GDIOBJLAST. Handles associated with clipboard formats in this range are not automatically deleted using the GlobalFree function when the clipboard is emptied. Also, when using values in this range, the hMem parameter is not a handle to a GDI object, but is a handle allocated by the GlobalAlloc function with the GMEM_MOVEABLE flag. |
| CF_GDIOBJLAST | 0x03FF | See CF_GDIOBJFIRST. |
| CF_HDROP | 15 | A handle to type HDROP that identifies a list of files. An application can retrieve information about the files by passing the handle to the DragQueryFile function. |
| CF_LOCALE | 16 | The data is a handle to the locale identifier associated with text in the clipboard. When you close the clipboard, if it contains CF_TEXT data but no CF_LOCALE data, the system automatically sets the CF_LOCALE format to the current input language. You can use the CF_LOCALE format to associate a different locale with the clipboard text. An application that pastes text from the clipboard can retrieve this format to determine which character set was used to generate the text. Note that the clipboard does not support plain text in multiple character sets. To achieve this, use a formatted text data type such as RTF instead. The system uses the code page associated with CF_LOCALE to implicitly convert from CF_TEXT to CF_UNICODETEXT. Therefore, the correct code page table is used for the conversion. |
| CF_METAFILEPICT | 3 | Handle to a metafile picture format as defined by the METAFILEPICT structure. When passing a CF_METAFILEPICT handle by means of DDE, the application responsible for deleting hMem should also free the metafile referred to by the CF_METAFILEPICT handle. |
| CF_OEMTEXT | 7 | Text format containing characters in the OEM character set. Each line ends with a carriage return/linefeed (CR-LF) combination. A null character signals the end of the data. |
| CF_OWNERDISPLAY | 0x0080 | Owner-display format. The clipboard owner must display and update the clipboard viewer window, and receive the WM_ASKCBFORMATNAME, WM_HSCROLLCLIPBOARD, WM_PAINTCLIPBOARD, WM_SIZECLIPBOARD, and WM_VSCROLLCLIPBOARD messages. The hMem parameter must be NULL. |
| CF_PALETTE | 9 | Handle to a color palette. Whenever an application places data in the clipboard that depends on or assumes a color palette, it should place the palette on the clipboard as well. If the clipboard contains data in the CF_PALETTE (logical color palette) format, the application should use the SelectPalette and RealizePalette functions to realize (compare) any other data in the clipboard against that logical palette. When displaying clipboard data, the clipboard always uses as its current palette any object on the clipboard that is in the CF_PALETTE format. |
| CF_PENDATA | 10 | Data for the pen extensions to the Microsoft Windows for Pen Computing. |
| CF_PRIVATEFIRST | 0x0200 | Start of a range of integer values for private clipboard formats. The range ends with CF_PRIVATELAST. Handles associated with private clipboard formats are not freed automatically; the clipboard owner must free such handles, typically in response to the WM_DESTROYCLIPBOARD message. |
| CF_PRIVATELAST | 0x02FF | See CF_PRIVATEFIRST. |
| CF_RIFF | 11 | Represents audio data more complex than can be represented in a CF_WAVE standard wave format. |
| CF_SYLK | 4 | Microsoft Symbolic Link (SYLK) format. |
| CF_TEXT | 1 | Text format. Each line ends with a carriage return/linefeed (CR-LF) combination. A null character signals the end of the data. Use this format for ANSI text. |
| CF_TIFF | 6 | Tagged-image file format. |
| CF_UNICODETEXT | 13 | Unicode text format. Each line ends with a carriage return/linefeed (CR-LF) combination. A null character signals the end of the data. |
| CF_WAVE | 12 | Represents audio data in one of the standard wave formats, such as 11 kHz or 22 kHz PCM. |
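
The following Python example is added here and is not code from the original post or from Microsoft's documentation. It classifies clipboard format IDs using the ranges in the table above and, on Windows, lists every format offered for the current clipboard item through OpenClipboard, EnumClipboardFormats, GetClipboardFormatNameW and CloseClipboard. The 0xC000 to 0xFFFF registered-format range comes from the Win32 documentation for RegisterClipboardFormat rather than from this page, and SAMPLE_IDS is a constructed input.

```python
import ctypes
import sys

# Standard IDs copied from the Winuser.h table on this page (subset).
STANDARD = {1: "CF_TEXT", 2: "CF_BITMAP", 3: "CF_METAFILEPICT", 7: "CF_OEMTEXT",
            8: "CF_DIB", 13: "CF_UNICODETEXT", 14: "CF_ENHMETAFILE",
            15: "CF_HDROP", 16: "CF_LOCALE", 17: "CF_DIBV5"}

def classify(fmt):
    """Return (kind, label) for a format ID, using the ranges in the table."""
    if fmt in STANDARD:
        return "standard", STANDARD[fmt]
    if 0x0200 <= fmt <= 0x02FF:   # CF_PRIVATEFIRST..CF_PRIVATELAST
        return "private", "CF_PRIVATEFIRST+%d" % (fmt - 0x0200)
    if 0x0300 <= fmt <= 0x03FF:   # CF_GDIOBJFIRST..CF_GDIOBJLAST
        return "gdiobj", "CF_GDIOBJFIRST+%d" % (fmt - 0x0300)
    if 0xC000 <= fmt <= 0xFFFF:   # range handed out by RegisterClipboardFormat
        return "registered", "0x%04X" % fmt
    return "other", "0x%04X" % fmt

def live_formats():
    """Enumerate format IDs on the current clipboard (Windows only)."""
    user32 = ctypes.WinDLL("user32", use_last_error=True)
    user32.OpenClipboard.argtypes = [ctypes.c_void_p]
    user32.EnumClipboardFormats.argtypes = [ctypes.c_uint]
    user32.EnumClipboardFormats.restype = ctypes.c_uint
    user32.GetClipboardFormatNameW.argtypes = [ctypes.c_uint, ctypes.c_wchar_p, ctypes.c_int]
    if not user32.OpenClipboard(None):      # fails while another process holds it open
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        found, fmt = [], user32.EnumClipboardFormats(0)
        while fmt:
            kind, label = classify(fmt)
            buf = ctypes.create_unicode_buffer(256)
            if kind == "registered" and user32.GetClipboardFormatNameW(fmt, buf, 256):
                label = buf.value           # name the owning application registered
            found.append((fmt, kind, label))
            fmt = user32.EnumClipboardFormats(fmt)
        return found
    finally:
        user32.CloseClipboard()             # always release: one opener at a time

# Constructed sample: IDs a word processor might offer for one copied item.
SAMPLE_IDS = [0xC009, 0xC013, 13, 1, 16, 7, 0x0201]

def report(ids):
    return [(i,) + classify(i) for i in ids]

if __name__ == "__main__":
    rows = live_formats() if sys.platform == "win32" else report(SAMPLE_IDS)
    for fmt, kind, label in rows:
        print("%5d  %-10s %s" % (fmt, kind, label))
```
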



QBet Casino Phishing Email with subject Your £100 awaits


For the record, this is a Microsoft Cloud storage phishing email attempt that has recently been going around, with the subject "Your £100 awaits".

What to do?
Report them; go to the bottom of the page.


From: QBET VIP <no-reply@bouaid3-f1658.firebaseapp.com>

Subject: Your £100 awaits





Qbet Casino 
Claim
Your premium welcome gift.
Cash Bonus £100
Free Spins 500

Get Bonus Now

Play all games
Withdraw anytime
24/7 customer support

Phishing links:

1. http://allinoursite.com/fwd/xxx?youremail


How to tell this is a Phishing email?

  1. Check the sender's email address in full; if it is not from the originating company, it is phishing.
  2. Hover over all links in the email; if they do not point to the company's website, forget it.
  3. The best way is to 

How to examine Email Message Source?

Now let's look at the message source:
  1. Outlook.com->Actions->View Message Source.
  2. Gmail.com->More (down arrow at top right)->Show original.
Check for suspicious links: anything that does not originate from the source domain, such as apple.com.
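
The sender and link checks above can be run against the saved message source. The Python below is an added example, not part of the original post: the From, Subject and link values are the ones quoted in this post, the HTML body around the link is constructed, and `brand.example` is a placeholder for the domain of the company the email claims to come from.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed message source built from the header and link quoted in this post.
RAW = """\
From: QBET VIP <no-reply@bouaid3-f1658.firebaseapp.com>
Subject: Your £100 awaits
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://allinoursite.com/fwd/xxx?youremail">Get Bonus Now</a></body></html>
"""

def host_matches(host, trusted):
    """True only if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def audit(raw, trusted):
    """Return (kind, host) findings for the sender and every link host
    that does not fall under one of the trusted domains."""
    msg = message_from_string(raw)
    findings = []
    _name, addr = parseaddr(msg.get("From", ""))   # display name is ignored
    sender_host = addr.rpartition("@")[2].lower()
    if not host_matches(sender_host, trusted):
        findings.append(("sender", sender_host))
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = part.get_payload(decode=True).decode("utf-8", "replace")
        for url in re.findall(r"""https?://[^\s"'<>]+""", text):
            host = urlsplit(url).hostname
            if not host_matches(host, trusted):
                findings.append(("link", host))
    return findings

if __name__ == "__main__":
    # brand.example is a placeholder for the claimed company's real domain.
    for kind, host in audit(RAW, {"brand.example"}):
        print(kind, "is not under a trusted domain:", host)
```

The comparison is made on the full host with a leading dot, so a look-alike such as `notbrand.example` or `brand.example.other.test` does not pass as the trusted domain.
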


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing to Google

If you have received this email, take further action by reporting it at:

  1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Wednesday, March 11, 2026

UK Car Refund Phishing Email with subject You Might Qualify for a Car Finance Refund - Find Out in 60 Seconds


For the record, this is a Microsoft Cloud storage phishing email attempt that has recently been going around, with the subject "Votre Cloud est plein. Agissez maintenant ou perdez tout." It contains the attachment cloud.pdf; do not open it. All PDFs can contain malware.

What to do?
Report them; go to the bottom of the page.


From: UK Refund Review <noreply@yuyu2-a554d.firebaseapp.com>

Subject: You Might Qualify for a Car Finance Refund - Find Out in 60 Seconds



“Had a car on finance between 2007 – 2024?
You're invited to check if you're owed money back”

CHECK REFUNDS

✓ A finance agreement from 2007 – 2024.

✓ Invited to check if you're owed money.

✓ We find your previous agreements.

✓ Average of £700* per eligible agreement

*On 07/10/2025, the FCA, in Consultation Paper (CP25/27), expect eligible consumers to receive an average of £700 per agreement.

Right 2 Redress is a trading name of Reclaim My Money Limited, who is authorised and regulated by the Financial Conduct Authority for Claims Management Activity (FRN: 934965) and registered under the Data Protection Act 2018 (ZB630486). The company is registered in England and Wales (No. 12838621) with its registered office at 85 Gresham Street, London, EC2V 7NQ. We will receive referral fees from third parties for successful claims at no cost to you. Using our service does not guarantee a faster or better outcome. You can also claim for free through your lender, the Financial Ombudsman Service, or the FCA compensation scheme launching in 2026.

CHECK REFUNDS NOW →

Phishing links:

1. https://www.augenticdsz.com/xxx/xxx/?creative_id=xxx (buttons)
2. https://lh3.googleusercontent.com/d/xxxx (image)


How to tell this is a Phishing email?

  1. Check the sender's email address in full; if it is not from the originating company, it is phishing.
  2. Hover over all links in the email; if they do not point to the company's website, forget it.
  3. The best way is to 

How to examine Email Message Source?

Now let's look at the message source:
  1. Outlook.com->Actions->View Message Source.
  2. Gmail.com->More (down arrow at top right)->Show original.
Check for suspicious links: anything that does not originate from the source domain, such as apple.com.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing to Google

If you have received this email, take further action by reporting it at:

  1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx